Some OnePlus phones appear to be mining user data – but is it as bad as it sounds? And how can you make it stop? Here’s what you need to know.
Gadget makers regularly suck up your data in a bid to improve user experience. It’s important for developers to have a good idea about what’s going on in your phone, because it helps them fix problems when things go wrong.
But excessive data mining is an easy way to get people riled up about smartphone security and data privacy – and it seems OnePlus is the latest culprit.
Related: Best Android phones
Is OnePlus taking too much of your data?
A software engineer by the name of Christopher Moore has published a lengthy blog post that details overzealous user data transmissions from his OnePlus 2 smartphone.
Using OWASP ZAP, Moore was able to view all incoming and outgoing internet traffic from his phone, and discovered a large amount of data being sent to the open.oneplus.net server. The data was encrypted, but he used his own phone’s authentication key to decrypt it.
The decrypted data revealed that time-stamped information about unexpected reboots – as well as every single phone lock and unlock – was being sent to OnePlus. A little odd, but nothing too extreme.
Over time, however, Moore discovered that a whole host of info was being sent to OnePlus, included:
- Smartphone IMEI number
- Mobile phone number
- MAC addresses
- Mobile network names
- IMSI prefixes
- Wi-Fi connection info
- Smartphone serial number
- Every time an app was opened
- Timestamps of activities fired up in which applications
“That’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities,” said Moore.
After some further investigation, Moore discovered that the code responsible for collecting the data was part of the OnePlus Device Manager and the OnePlus Device Manager Provider.
How to stop OnePlus data transmissions
So how do you stop it from happening? Moore writes: “Unfortunately, as a system service, there doesn’t appear to be any way of permanently disabling this data collection or removing this functionality without rooting the phone.”
He continued: “One alternative would be to stop the service every time you boot your phone (assuming it doesn’t get periodically restarted) or using an app to achieve the same effect, or perhaps prevent communication with open.oneplus.net somehow.”
However, your prospects aren’t entirely bleak. Twitter user @JaCzekanski says that you can plug your phone into a computer with ADB installed (with USB debugging enabled), and running the following command:
pm uninstall -k –user 0 net.oneplus.odm
However, do this at your own peril – it’s not clear what effect this will have on your core OnePlus systems.
OnePlus also offers its own solution, in the form of a statement sent to Trusted Reviews:
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour.”
It goes on: “This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.”
We’re not entirely sure how much data this will stop being transmitted, and we discovered that the feature was already turned off by default on our own OnePlus 5 model. We’ll update you once we know more.
Related: Samsung Galaxy S9
What do you think about the OnePlus 5? Let us know via Facebook or Twitter.